Sep 17, 2019

For a while I've been building my resume(s) by using a LaTeX template (specifically [0]) and copy-pasting data from my LinkedIn profile which I keep fairly up-to-date. It's worked pretty well for me especially when I had to put together academic resumes for which I could just add my publication through the standard LaTeX bibliography practices.

I've toyed with the idea of making a resume generator SaaS where the user would enter their LinkedIn URL which my app would scrape and use it to populate different LaTeX templates rendered server-side into PDFs (for free) while offering some sort of editor or the raw LaTeX (in a premium version) where the user could apply edits.

While AFAIK scraping LinkedIn was deemed lawful in some previous court case [1] I fear it would be a hard sell. Wonder what kinda trouble I would run into.

[0] [1]

Sep 11, 2019

At least in the western United States, scraping is fine: . LinkedIn was even a party to this case!

The UID->email data dump was not, AFAIK, legal though.

Sep 09, 2019

A choice quote:

> In recognizing that the CFAA is best understood as an anti-intrusion statute and not as a “misappropriation statute,” Nosal I, 676 F.3d at 857–58, we rejected the contract-based interpretation of the CFAA’s “without authorization” provision adopted by some of our sister circuits. Compare Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058, 1067 (9th Cir. 2016), cert. denied, 138 S. Ct. 313 (2017) (“[A] violation of the terms of use of a website—without more— cannot establish liability under the CFAA.”); Nosal I, 676 F.3d at 862 (“We remain unpersuaded by the decisions of our sister circuits that interpret the CFAA broadly to cover violations of corporate computer use restrictions or violations of a duty of loyalty.”), with EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 583–84 (1st Cir. 2001) (holding that violations of a confidentiality agreement or other contractual restraints could give rise to a claim for unauthorized access under the CFAA); United States v. Rodriguez, 628 F.3d 1258, 1263 (11th Cir. 2010) (holding that a defendant “exceeds authorized access” when violating policies governing authorized use of databases).


> As one prominent commentator has put it, “an authentication requirement, such as a password gate, is needed to create the necessary barrier that divides open spaces from closed spaces on the Web.” Orin S. Kerr, Norms of Computer Trespass, 116 Colum. L. Rev. 1143, 1161 (2016). Moreover, elsewhere in the statute, password fraud is cited as a means by which a computer may be accessed without authorization, see 18 U.S.C. § 1030(a)(6),12 bolstering the idea that authorization is only required for password-protected sites or sites that otherwise prevent the general public from viewing the information.

My layman's (IANAL) interpretation of preliminary injunctions are that the case is far from over, and this could be overturned at any time as more deliberation is done (assuming LinkedIn wants to keep throwing money at that relatively slim possibility). But now this research has been done, and future courts have the ability to look to these references and lines of reasoning all in one place.

EDIT: is an analysis by the law professor cited above:

> BIG NEWS: 9th Circuit holds that scraping a public website likely does not violate the CFAA, even after website owner prohibits with a cease-and-desist letter; language strongly suggests CFAA only applies to bypassing authentication. Blog post up soon. #N